All articles

SAML SSO Azure AD: Implementation Guide

Table 53. Availability - Legacy plans



The configuration of single logout for Azure AD isn't supported.

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. Azure AD provides a SAML SSO service that allows users to enter login information once and then access all work applications and tools, including Wrike, without being prompted to log in to each of them.


More information, including details of the benefits and limitations of setting up single sign-on, can be found in our SAML SSO: User Guide.

Set up SAML SSO integration with Azure AD

Before you begin

  • You'll need your account ID to set up the integration. To find it, log in to your Wrike account via a browser and locate the numbers between “acc=” and “#” in the address bar.

    For example, account ID 123456 would look like this in the address bar:

  • Note: After you go through all the steps of the setup in your Azure account, you'll still need to contact Wrike Support to finalize the integration.

Set up the integration

  1. Go to the Azure portal and log in to your admin account.

  2. Select Azure Active Directory from the left-hand navigation panel.

  3. Select Enterprise applications from the list.

  4. Next, select All applications.

  5. Click New application at the top of the page.

  6. Scroll to the Add from gallery section and search for Wrike using the search bar, or select it from the list below.

  7. Click Add from the bottom-right corner. The application is added.

  8. Select Single sign-on from the left-hand panel.

  9. Select a single sign-on method. To integrate Azure with Wrike, you need to select SAML from the list.

  10. In the next window, locate the Basic SAML Configuration section and click the pencil icon in the upper-right corner.

  11. In the window that opens, enter the following information:

    • In the field under Identifier (Entity ID), enter:

    • In the field under Reply URL (Assertion Consumer Service URL), enter the URL string and make this URL the default one using the checkbox to the right.


      The “SSO” part of the URL must be capitalized.

  12. Leave the fields Sign on URL, Relay State, and Logout URL blank.

  13. Click the Save button at the top.

  14. Then click X in the upper-right corner to move to the next step.

  15. Scroll down to the User Attribute and Claims section and click the pencil icon in the upper-right corner.

  16. In the window that opens, click the Email address claim.

  17. In the Source attribute drop-down menu, select user.mail.

  18. Click Save at the top of the window.

  19. Close the current window by clicking the X in the upper-right corner.

  20. Click Save again to save the User Attribute and Claims settings.

  21. Then click the X icon in the upper-right corner to move to the next step.

  22. Scroll down to the SAML Signing Certificate section.

  23. Click Download located next to the Federation metadata XML.

  24. The generated XML file is downloaded. Upload the generated metadata from the file to your Wrike account as described in the "Enable single sign-on" section on this page, and then contact Wrike Support to finalize the setup.

Once Support receives your request, they’ll finalize the SAML integration setup for you. As soon as the integration is finalized, the SAML login flow between Wrike and Azure AD will be fully supported.


After the SSO setup is finished, we recommend testing it in the optional mode, where users can still log in to Wrike using their password. To ensure that user authorization is working correctly:

  1. Open a new window in incognito mode.

  2. Go to IDP Login and log in to Wrike.

  3. Provide your login information.

If everything goes fine, you'll be logged in to Wrike. After that, you can proceed with enforcing SSO login for all users in the account.